CVE-2000-0977 Information

Description

mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the \filename\ parameter in a POST request which is then sent by email to the address specified in the \email\ parameter.

Reference

http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html http://www.securityfocus.com/bid/1807 https://exchange.xforce.ibmcloud.com/vulnerabilities/5358